Wednesday 30 November 2016

FSMO Roles-Move and Seize Theory




 Hello Professionals,
FSMO roles: the previous blog post explained what FSMO roles are and why they are important. Today I am going further with a practical on FSMO: how to seize and transfer roles, and when to perform a seize versus a transfer.
 The forest-level domain controller holds all 5 roles, and a domain controller in any other domain holds 3 roles. It is very important to place the roles on the correct servers, otherwise the domain controllers will run into various issues.
Lab Setup: 
Forest Domain Controller: 2003 Standard Edition
Child Domain Controller: 2008R2
Child Domain Controller: 2008R2
Additional Domain Controller: 2012 and 2016
As 2003 is EOL, today I am moving the roles to 2008R2. FSMO roles can be transferred from the command line as well as from the GUI on the domain controllers. Some organizations transfer FSMO roles during a domain controller's maintenance window and, after the maintenance activity, roll the roles back to the original servers. This practice minimizes downtime for services and production.
netdom query fsmo is the command that shows which server holds which FSMO roles. You can also see from the GUI which roles a server holds.
As the current server is domain level, it holds 3 roles, and the forest holds the other 2 roles.




 To view the schema role, first register schmmgmt.dll by running regsvr32 schmmgmt.dll at a command prompt, then add the Active Directory Schema console from mmc.

 Before transferring the FSMO roles, you need to connect to the destination domain controller from the forest root DC.
Open Active Directory Domains and Trusts, then click Connect to Domain Controller.

  Select the domain controller to which you are planning to transfer the roles.


 From here, the operations master first needs to be transferred to the destination domain controller.
The schema is then moved in the same way: first register the DLL and add the schema console from mmc.


 Then finally log in to the destination server and move the schema, because for every role the wizard asks you to connect to the destination domain controller.

Finally, all roles are moved to my 2008R2 server, and I can power off the 2003 DC.

There is still a lot to modify on the configuration side; I will be posting about it very soon.
What if the server that was taken down for maintenance does not come back online, or the server crashes due to some unexpected issue? That is where the FSMO seize option applies. From the destination server, run the commands below with administrator access.
ntdsutil
roles
connections
connect to server servername


quit


SEIZE INFRASTRUCTURE MASTER
SEIZE RID MASTER
SEIZE PDC
SEIZE SCHEMA MASTER
SEIZE DOMAIN NAMING MASTER
 


Then run a forced sync command to update the data, as it will take some time for the other domain controllers to respond and update.
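
The transfer-or-seize decision described above can be checked per role before anything is changed. This is an added example, not part of the original post: it assumes the ActiveDirectory PowerShell module is available on the machine you run it from, and DC-2008R2 is a hypothetical name for the destination domain controller.

```powershell
# Added example (not from the original post): plan transfer vs. seize per role.
# Assumption: run in the domain whose roles are being moved, with the
# ActiveDirectory module installed.
Import-Module ActiveDirectory

$TargetDC = 'DC-2008R2'   # hypothetical name of the destination DC

$forest = Get-ADForest
$domain = Get-ADDomain

# Role names as Move-ADDirectoryServerOperationMasterRole expects them,
# mapped to the current holder (FQDN) of each role.
$holders = @{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}

$plan = foreach ($role in $holders.Keys) {
    $holder = $holders[$role]
    if (($holder -eq $TargetDC) -or ($holder -like "$TargetDC.*")) {
        $action = 'None'        # role already sits on the destination
    } elseif (Test-Connection -ComputerName $holder -Count 2 -Quiet) {
        $action = 'Transfer'    # holder answers: hand the role over cleanly
    } else {
        # Ping is a coarse check; confirm the holder is really gone first.
        $action = 'Seize'
    }
    New-Object PSObject -Property @{ Role = $role; Holder = $holder; Action = $action }
}
$plan | Sort-Object Role | Format-Table Role, Holder, Action -AutoSize

# Dry run only: -WhatIf shows what would happen without moving anything.
# -Force is the seize path. Microsoft's guidance is that a DC whose roles
# were seized should not be put back on the network as it was.
foreach ($item in $plan) {
    switch ($item.Action) {
        'Transfer' {
            Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC `
                -OperationMasterRole $item.Role -WhatIf
        }
        'Seize' {
            Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC `
                -OperationMasterRole $item.Role -Force -WhatIf
        }
    }
}
```

Remove -WhatIf only after reviewing the printed plan; running netdom query fsmo afterwards confirms where each role ended up.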
 
Comment and share if you are facing any query or issue. We will try our best to solve the case.

4 comments:

  2. Thanks for the amazing article. My two cents about FSMO Roles and steps to transfer FSMO Roles.

    www.itingredients.com/what-is-fsmo-roles-flexible-single-master-operations/

    1. Thanks, Unknown, for the comment. You shared another awesome, very detailed link here. Again, thanks a lot.